CVE-2026-24136 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Ref…
High CVSS: 8.7

CVE-2026-24136

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor 3.2.0 could have PIIs exfiltrated. The issue has been patched in Saleor versions: 3.22.29, 3.21.45, and 3.20.110. To workaround, temporarily block non-staff users from fetching order information (the order() GraphQL query) using a WAF.
Vendor
Saleor
Product
Saleor
CWE
CWE-639
Yayın Tarihi
2026-01-24 00:15:49
Güncelleme
2026-02-12 16:15:00
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-639 Saleor HIGH Saleor 2026

Referanslar

https://github.com/saleor/saleor/commit/5dab1857fbb2801f74e2bfe86f307e4590d9d2fa https://github.com/saleor/saleor/commit/718ce1b4fc3aef68eeac1aea0cf1d70a614ba6af https://github.com/saleor/saleor/commit/9bcd4f9000b189297eeb3ac88cc28c6c30229153 https://github.com/saleor/saleor/commit/aeaced8acb5e01055eddec584263f77e517d5944 https://github.com/saleor/saleor/security/advisories/GHSA-r6fj-f4r9-36gr